Sender Checks

Sender checks allow you to verify whether an email originates from where it claims to come from. Email Security uses DMARC, SPF, DKIM and Header anomalies checks to do this.

Restriction This option is only available if your license includes Sophos Email.
Note If an option is locked global settings have been applied by your partner or Enterprise administrator.

Sender checks are performed in the order they appear in the UI. If an email fails the first sender check, the other checks are not carried out.

You can override the sender checks by allowing domains and email addresses in the Inbound allow list.

DMARC

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication policy and reporting protocol. It builds on the DKIM and SPF protocols to detect and prevent email spoofing. You can control what happens to messages that fail DMARC checks.

Select from:

  • Conform to sender policy : What happens to the message depends on what the sender stated in their DMARC policy. (This is the default value.)
  • Tag subject line: Email Security adds a tag to the message's subject line indicating that it is a spoofed message.
  • Quarantine: Message is quarantined.
  • Reject: Message is rejected.
  • Deliver: Sends the message to the mail server for delivery.

SPF

SPF (Sender Policy Framework) allows you to verify that incoming email comes from an IP address authorized by the sending domain's administrators.

Emails from IP addresses marked as "fail" by the sending domain's administrators are rejected.

Spam and phishing emails often use forged addresses. This results in an SPF check rejecting the email.

DKIM

DKIM (DomainKeys Identified Mail) is an authentication framework used to sign and validate a message based on the domain of the sender. You can control what happens to messages that fail DKIM checks.

Select from:

  • Tag subject line: Email Security adds a tag to the message's subject line indicating that it is a spoofed message. (This is the default value.)
  • Quarantine: Message is quarantined.
  • Reject: Message is rejected.
  • Deliver: Sends the message to the mail server for delivery.

Header anomalies

The Header anomalies check identifies email that appears to come from your own domain but originates from an external domain by checking the from header of the email against the recipient domain, and the from address in the envelope.

  • If the domain in the from address matches the recipient's domain, the mail is considered to be spoofed.
  • If the from address in the header is different to the from address in the envelope, the mail is considered to be spoofed.
Note The header needs to match both the criteria above to trigger the Header anomalies check.

You can control what happens to messages that fail the Header anomalies check.

Select from:

  • Tag subject line: Email Security adds a tag to the message's subject line indicating that it is a spoofed message. (This is the default value.)
  • Quarantine: Message is quarantined.
  • Reject: Message is rejected.
  • Deliver: Sends the message to the mail server for delivery.